The Web Security Mailing List

"Web application fuzzing is a method of detecting a web
application's vulnerabilities prior to deploying the application on a
production system. Users of this approach send several malicious
requests to the application and, based on the responses received,
determine the application's security posture. Users also can apply
fuzzing to perform tests on several different attack vectors such as
SQL, XPATH, and LDAP injection, and error handling.

This article introduces web application fuzzing, using Ruby
code to show how it works and demonstrate how to implement it. This
example code can serve as a starting point for a framework; you can
build advanced fuzzing software on top of it. Specifically, by
completing the article, you will learn the following:

* Web fuzzing techniques with HTTP requests
* How to use a Ruby fuzzing framework
* How to leverage interactive Ruby (irb) for web fuzzing
* How to script the objects in Ruby for fuzzing
* How to detect vulnerabilities with fuzzing"